Azure Key Vault Secret Expired Event Not Getting Fired

Modou Diouf 0 Reputation points
2024-08-01T07:12:18.43+00:00

Hi,

I have a secret stored in Azure Key Vault with an expiration date.

I want to be notified when the secret is near expiry (30 days after the expiration date).

To do that, I used:

  • Azure Event Grid to listen to the key vault secret events Microsoft.KeyVault.SecretNearExpiry and Microsoft.KeyVault.SecretExpired,
  • Azure Key Vault,
  • an alert group (Azure Monitor) to send the notification.

But I do not receive a notification when the secret is near expiry. I believe the configuration is correct, because when I add Microsoft.KeyVault.SecretNewVersionCreated to the Azure Event Grid config, I do receive the notification when a new secret is created in Azure Key Vault.

I'm following this documentation:
https://learn.microsoft.com/en-us/azure/event-grid/handle-key-vault-events-using-azure-monitor-alerts
https://dsfrederic1.medium.com/get-notified-when-azure-key-vault-secrets-expire-b0038bfb937f
https://medium.com/version-1/azure-key-vault-secret-expiry-notifications-using-azure-alerts-e6930d3f135d

Thanks


1 answer

    Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2024-08-02T22:37:29.43+00:00

    Hi @Modou Diouf ,

    If you are not receiving the alert, there are a few things I would check. First, go to the Key Vault and check the Events tab to confirm if the event itself fired.


    Then, confirm that the logs themselves are enabled for the Key Vault. As long as logs are enabled, all of the events should be recorded:

    • KeyNearExpiryEventGridNotification
    • KeyExpiredEventGridNotification
    • SecretNearExpiryEventGridNotification
    • SecretExpiredEventGridNotification
    • CertificateExpiredEventGridNotification

    https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault#operation-names-table

    You should also be able to see more details in the Webhook.

    If everything seems to be set up correctly, I would recommend making a ticket with the Event Grid team. If you would like me to create a one-time free support case, I can open one for you if you reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak | AKV notification issue") and include your subscription ID and a link to this thread.

    If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions. Otherwise let me know if you have further questions.
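The answer above suggests checking the Events tab, the Key Vault logs and the webhook payload. The following is an added example, not code from the thread or from Microsoft, that shows what a webhook receiver actually gets from Event Grid for these events and what state each secret should be in given its expiration date. It relies on the documented Key Vault event schema (eventType, subject, data.VaultName, data.ObjectName, data.Version, data.EXP as Unix seconds), the Event Grid subscription validation handshake (validationCode echoed back as validationResponse), and the default 30-day lead time for SecretNearExpiry. The delivery payload, the secret list and the clock value are constructed for the example; a secret with no expiration date set can never produce either event, which is the first thing to rule out.

```python
"""Parse Key Vault Event Grid deliveries and audit secret expiry state.

Added example (not from the thread). Sample events, secret list and the
"now" timestamp are constructed; field names follow the documented
Microsoft.KeyVault event schema.
"""
from __future__ import annotations

import json
from datetime import datetime, timedelta, timezone

# Default lead time Key Vault uses for the SecretNearExpiry event.
NEAR_EXPIRY_WINDOW = timedelta(days=30)

EXPIRY_EVENTS = {
    "Microsoft.KeyVault.SecretNearExpiry",
    "Microsoft.KeyVault.SecretExpired",
}
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"


def classify_event(event: dict) -> dict | None:
    """Summarise an expiry-related Key Vault event; return None for others."""
    etype = event.get("eventType")
    if etype not in EXPIRY_EVENTS:
        return None
    data = event.get("data", {})
    exp = data.get("EXP")  # Unix seconds of the secret's expiration, if set
    return {
        "kind": "expired" if etype.endswith("SecretExpired") else "near-expiry",
        "vault": data.get("VaultName"),
        "secret": data.get("ObjectName"),
        "version": data.get("Version"),
        "expires": (datetime.fromtimestamp(exp, tz=timezone.utc).isoformat()
                    if exp is not None else None),
    }


def handle_batch(payload: str) -> tuple[dict | None, list[dict]]:
    """Process one Event Grid delivery (a JSON array of events).

    Returns (validation_response, summaries). The validation response must be
    returned as the HTTP body when Event Grid performs the subscription
    handshake, otherwise the subscription never becomes active.
    """
    validation = None
    summaries: list[dict] = []
    for ev in json.loads(payload):
        if ev.get("eventType") == VALIDATION_EVENT:
            validation = {"validationResponse": ev["data"]["validationCode"]}
            continue
        summary = classify_event(ev)
        if summary is not None:
            summaries.append(summary)
    return validation, summaries


def expected_expiry_state(expires: datetime, now: datetime) -> str:
    """What Key Vault should have emitted for a secret expiring at `expires`."""
    if expires <= now:
        return "expired"
    if expires - now <= NEAR_EXPIRY_WINDOW:
        return "near-expiry"
    return "ok"


def audit_secrets(secrets: list[dict], now: datetime) -> dict[str, str]:
    """Map secret name -> expected state; a secret without `expires` never fires."""
    states = {}
    for s in secrets:
        exp = s.get("expires")
        states[s["name"]] = "no-expiry-set" if exp is None else expected_expiry_state(exp, now)
    return states


# Constructed delivery: handshake event, one near-expiry event, one unrelated event.
SAMPLE_DELIVERY = json.dumps([
    {"id": "v-1", "eventType": VALIDATION_EVENT, "subject": "",
     "data": {"validationCode": "abc-123"}, "dataVersion": "2",
     "eventTime": "2024-12-02T00:00:00Z"},
    {"id": "e-1", "eventType": "Microsoft.KeyVault.SecretNearExpiry",
     "subject": "db-password",
     "topic": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg"
              "/providers/Microsoft.KeyVault/vaults/contoso-kv",
     "data": {"Id": "https://contoso-kv.vault.azure.net/secrets/db-password/v1",
              "VaultName": "contoso-kv", "ObjectType": "Secret",
              "ObjectName": "db-password", "Version": "v1", "NBF": None,
              "EXP": 1735689600},  # 2025-01-01T00:00:00Z
     "dataVersion": "1", "eventTime": "2024-12-02T00:00:00Z"},
    {"id": "e-2", "eventType": "Microsoft.KeyVault.SecretNewVersionCreated",
     "subject": "api-key", "data": {"VaultName": "contoso-kv",
     "ObjectName": "api-key", "Version": "v2"}, "dataVersion": "1",
     "eventTime": "2024-12-02T00:00:00Z"},
])

# Constructed inventory as a vault admin might export it, with a fixed clock.
NOW = datetime(2024, 12, 15, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"name": "db-password", "expires": datetime(2025, 1, 1, tzinfo=timezone.utc)},
    {"name": "old-token", "expires": datetime(2024, 12, 1, tzinfo=timezone.utc)},
    {"name": "api-key", "expires": datetime(2025, 6, 1, tzinfo=timezone.utc)},
    {"name": "legacy-cert-pw", "expires": None},
]

if __name__ == "__main__":
    validation, summaries = handle_batch(SAMPLE_DELIVERY)
    print("handshake response:", validation)
    for s in summaries:
        print(f"{s['kind']}: {s['vault']}/{s['secret']} expires {s['expires']}")
    for name, state in audit_secrets(SAMPLE_SECRETS, NOW).items():
        print(f"{name}: {state}")
```

Running this against a real delivery replaces `SAMPLE_DELIVERY` with the request body the webhook received; comparing `audit_secrets` output with the Events tab shows whether a secret that should be "near-expiry" simply has no expiration date, which is the common reason the event never fires.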

